Hi Fabrice, Here are the options that can be added:
[AirEngine9700-M1-url-template-PacketFence]url-parameter ? ap-group-name AP group name ap-ip AP IP address ap-location AP location ap-mac AP MAC address ap-name AP name device-ip Device IP address device-mac Device MAC address login-url Device's login URL provided to the external portal server mac-address Mac address redirect-url The url in user original http packet set Set ssid SSID sysname Device name user-ipaddress User IP address user-mac User MAC address url-template name PacketFence url https://wifi.fispy.mx/captive-portal url-parameter device-ip ac-ip user-ipaddress userip ssid ssid user-mac ap-mac 200 9003 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx} "GET /captive-portal?ac%2Dip=10%2E7%2E255%2E2&userip=10%2E9%2E70%2E173&ssid=FISPY%2DWiFi&ap%2Dmac=f02f4b1467d9 HTTP/1.1" If we do not specify the URL on this configuration, where would PacketFence get the value for the AC Web Authentication call? https://portal.fispy.mx:8443/login?username=($username)&password=($password) <https://portal.fispy.mx:8443/login?username=($username)&password=($password)> Best Regards, Jorge > On Feb 5, 2022, at 8:23 PM, Fabrice Durand <oeufd...@gmail.com> wrote: > > Hello Jorge, > > what we need is the user mac and the ap information. > I found that > https://support.huawei.com/enterprise/en/doc/EDOC1100008283/659354b1/display-url-template > > <https://support.huawei.com/enterprise/en/doc/EDOC1100008283/659354b1/display-url-template> > > Is it possible to add extra parameters like user-mac ssid ap-ip ap-mac ? > > And if yes can you provide me the url generated by the controller when it > redirect ? (haproxy-portal log) > > Regards > Fabrice > > > > Le sam. 5 févr. 2022 à 20:42, Jorge Nolla <jno...@gmail.com > <mailto:jno...@gmail.com>> a écrit : > Hi Team, > > Any input on this? We really would like to get this to work. > > Thank you! > Jorge > >> On Feb 2, 2022, at 7:48 PM, Jorge Nolla <jno...@gmail.com >> <mailto:jno...@gmail.com>> wrote: >> >> Hi Fabrice, >> >> This is the sequence: >> >> Feb 2 14:51:32 wifi haproxy[2427]: 10.9.79.52:61132 >> <http://10.9.79.52:61132/> [02/Feb/2022:14:51:32.663] >> portal-http-10.0.255.99 10.0.255.99-backend/127.0.0.1 <http://127.0.0.1/> >> 0/0/0/201/201 200 7146 - - ---- 3/1/0/0/0 0/0 {wifi.fispy.mx >> <http://wifi.fispy.mx/>} "GET /access?lang= HTTP/1.1" >> Feb 2 14:51:37 wifi haproxy[2427]: 10.9.79.52:61133 >> <http://10.9.79.52:61133/> [02/Feb/2022:14:51:37.905] >> portal-http-10.0.255.99 static/127.0.0.1 <http://127.0.0.1/> 0/0/0/2/2 200 >> 228 - - ---- 4/2/0/0/0 0/0 {10.0.255.99} "GET >> /common/network-access-detection.gif?r=1643838705224 HTTP/1.1" >> Feb 2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61130 >> <http://10.9.79.52:61130/> [02/Feb/2022:14:51:43.927] >> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1 <http://127.0.0.1/> >> 0/0/0/122/122 302 1018 - - ---- 4/1/0/0/0 0/0 {wifi.fispy.mx >> <http://wifi.fispy.mx/>} "GET >> /captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin >> HTTP/1.1" >> Feb 2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61132 >> <http://10.9.79.52:61132/> [02/Feb/2022:14:51:44.060] >> portal-http-10.0.255.99 10.0.255.99-backend/127.0.0.1 <http://127.0.0.1/> >> 0/0/0/129/129 200 7146 - - ---- 4/2/0/0/0 0/0 {wifi.fispy.mx >> <http://wifi.fispy.mx/>} "GET /access?lang= HTTP/1.1" >> Feb 2 14:51:49 wifi haproxy[2427]: 10.9.79.52:61133 >> <http://10.9.79.52:61133/> [02/Feb/2022:14:51:49.219] >> portal-http-10.0.255.99 static/127.0.0.1 <http://127.0.0.1/> 0/0/0/1/1 200 >> 228 - - ---- 4/2/0/0/0 0/0 {10.0.255.99} "GET >> /common/network-access-detection.gif?r=1643838716546 HTTP/1.1" >> Feb 2 14:51:55 wifi haproxy[2427]: 10.9.79.52:61130 >> <http://10.9.79.52:61130/> [02/Feb/2022:14:51:55.287] >> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1 <http://127.0.0.1/> >> 0/0/0/136/136 302 1018 - - ---- 4/1/0/0/0 0/0 {wifi.fispy.mx >> <http://wifi.fispy.mx/>} "GET >> /captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin >> HTTP/1.1” >> >> >> >>> On Feb 2, 2022, at 7:12 PM, Fabrice Durand <oeufd...@gmail.com >>> <mailto:oeufd...@gmail.com>> wrote: >>> >>> Hello Jorge, >>> >>> i will have a look closer. >>> But i have a question, when the device is forwarded to the captive portal, >>> (just before >>> https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin >>> >>> <https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin>) >>> , what is the url ? >>> You should be able to see it in the haproxy-portal.log file. >>> >>> Regards >>> Fabrice >>> >>> Le mer. 2 févr. 2022 à 10:18, Jorge Nolla <jno...@gmail.com >>> <mailto:jno...@gmail.com>> a écrit : >>> Hi Fabrice, >>> >>> >>> We almost have the configuration working, but are not sure how to get the >>> redirect to the client to work correctly. Attached is the documentation for >>> Cisco ISE which we used for PacketFence as well. >>> >>> Portal.fispy.mx <http://portal.fispy.mx/> is the Huawei AC. >>> >>> This is the format the client should get from PacketFence. This is the only >>> piece we are missing for this to work. >>> https://portal.fispy.mx:8443/login?username=($username)&password=($password) >>> >>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)> >>> >>> >>> If we manually click on the link above, then the flow of traffic works >>> correctly CLIENT > AC > RADIUS (PacketFence), and authentication works. The >>> problem is that when the user logs in to the portal the redirect is broken. >>> The parameter for the redirect that PacketFence is serving, comes from a >>> configuration parameter within the AC. This configuration works fine for >>> Cisco ISE, but the URL format is not working for PacketFence. >>> >>> >>> When we configure the redirect this is what the client is getting from >>> PacketFence >>> https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin >>> >>> <https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin> >>> >>> >>> url-template name PacketFence >>> url https://wifi.fispy.mx/captive-portal >>> <https://wifi.fispy.mx/captive-portal> >>> url-parameter login-url switch_url https://portal.fispy.mx:8443/login >>> <https://portal.fispy.mx:8443/login> <<< THIS IS THE PARAMETER FOR THE >>> REDIRECT TO PACKETFENCE >>> >>> >>> >>> AC CONFIG >>> >>> authentication-profile name PacketFence >>> portal-access-profile PacketFence >>> free-rule-template default_free_rule >>> authentication-scheme PacketFence >>> accounting-scheme PacketFence >>> radius-server PacketFence >>> force-push url https://www.fispy.mx <https://www.fispy.mx/> >>> >>> radius-server template PacketFence >>> radius-server shared-key cipher >>> %^%#*)l=:1.X-Yd$\<~orEF@]<}NMejv3)E^\6;7:NUY%^%# >>> radius-server authentication 10.0.255.99 1812 source ip-address 10.7.255.2 >>> weight 90 >>> radius-server accounting 10.0.255.99 1813 source ip-address 10.7.255.2 >>> weight 80 >>> undo radius-server user-name domain-included >>> calling-station-id mac-format unformatted >>> called-station-id wlan-user-format ac-mac >>> radius-server attribute translate >>> radius-attribute disable HW-NAS-Startup-Time-Stamp send >>> radius-attribute disable HW-IP-Host-Address send >>> radius-attribute disable HW-Connect-ID send >>> radius-attribute disable HW-Version send >>> radius-attribute disable HW-Product-ID send >>> radius-attribute disable HW-Domain-Name send >>> radius-attribute disable HW-User-Extend-Info send >>> >>> url-template name PacketFence >>> url https://wifi.fispy.mx/captive-portal >>> <https://wifi.fispy.mx/captive-portal> >>> url-parameter login-url switch_url https://portal.fispy.mx:8443/login >>> <https://portal.fispy.mx:8443/login> <<< THIS IS THE PARAMETER FOR THE >>> REDIRECT TO PACKETFENCE >>> >>> web-auth-server PacketFence >>> server-ip 10.0.255.99 >>> port 443 >>> url-template PacketFence >>> protocol http >>> http get-method enable >>> >>> portal-access-profile name PacketFence >>> web-auth-server PacketFence direct >>> >>> >>> authentication-scheme PacketFence >>> authentication-mode radius >>> >>> wlan >>> security-profile name FISPY-WiFi >>> >>> vap-profile name FISPY-WiFi >>> service-vlan vlan-id 900 >>> permit-vlan vlan-id 900 >>> ssid-profile FISPY-WiFi >>> security-profile FISPY-WiFi >>> authentication-profile PacketFence >>> sta-network-detect disable >>> service-experience-analysis enable >>> mdns-snooping enable >>> >>> >>> >>> >>> ###CISCO ISE CONFIG TO COMPARE### >>> >>> url-template name CISCO-ISE >>> url >>> https://captive.fispy.mx:8443/portal/PortalSetup.action#portal=7cf5ac1d-5dbf-4b36-aeee-b9590fd24c02 >>> >>> <https://captive.fispy.mx:8443/portal/PortalSetup.action#portal=7cf5ac1d-5dbf-4b36-aeee-b9590fd24c02> >>> parameter start-mark # >>> url-parameter login-url switch_url https://portal.fispy.mx:8443/login >>> <https://portal.fispy.mx:8443/login> >>> >>> #################################### >>> >>> >>> >>> >>> >>> >>>> On Feb 2, 2022, at 6:17 AM, Fabrice Durand <oeufd...@gmail.com >>>> <mailto:oeufd...@gmail.com>> wrote: >>>> >>>> Hello Jorge, >>>> >>>> do you have any Huawei documentation to implement that ? >>>> >>>> Regards >>>> Fabrice >>>> >>>> >>>> Le mer. 26 janv. 2022 à 15:59, Jorge Nolla via PacketFence-users >>>> <packetfence-users@lists.sourceforge.net >>>> <mailto:packetfence-users@lists.sourceforge.net>> a écrit : >>>> Hi Team, >>>> >>>> We were wondering if anyone has had any success in configuring Web Auth >>>> for the Huawei AC? It’s somewhat critical for us to get this going. >>>> >>>> Thank you! >>>> Jorge >>>> >>>> _______________________________________________ >>>> PacketFence-users mailing list >>>> PacketFence-users@lists.sourceforge.net >>>> <mailto:PacketFence-users@lists.sourceforge.net> >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users> >>> >>> >>> >> >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users